Research article. DOI: 10.1145/2784731.2784764

Pilsner: a compositionally verified compiler for a higher-order imperative language

Published: 29 August 2015

Abstract

Compiler verification is essential for the construction of fully verified software, but most prior work (such as CompCert) has focused on verifying whole-program compilers. To support separate compilation and to enable linking of results from different verified compilers, it is important to develop a compositional notion of compiler correctness that is modular (preserved under linking), transitive (supports multi-pass compilation), and flexible (applicable to compilers that use different intermediate languages or employ non-standard program transformations). In this paper, building on prior work of Hur et al., we develop a novel approach to compositional compiler verification based on parametric inter-language simulations (PILS). PILS are modular: they enable compiler verification in a manner that supports separate compilation. PILS are transitive: we use them to verify Pilsner, a simple (but non-trivial) multi-pass optimizing compiler (programmed in Coq) from an ML-like source language S to an assembly-like target language T, going through a CPS-based intermediate language. Pilsner is the first multi-pass compiler for a higher-order imperative language to be compositionally verified. Lastly, PILS are flexible: we use them to additionally verify (1) Zwickel, a direct non-optimizing compiler for S, and (2) a hand-coded self-modifying T module, proven correct w.r.t. an S-level specification. The output of Zwickel and the self-modifying T module can then be safely linked together with the output of Pilsner. Altogether, this has been a significant undertaking, involving several person-years of work and over 55,000 lines of Coq.



Published In

ICFP 2015: Proceedings of the 20th ACM SIGPLAN International Conference on Functional Programming, August 2015, 436 pages. ISBN: 9781450336697. DOI: 10.1145/2784731.

Also published in ACM SIGPLAN Notices, Volume 50, Issue 9 (ICFP '15), September 2015, 436 pages. ISSN: 0362-1340. EISSN: 1558-1160. DOI: 10.1145/2858949. Editor: Andy Gill.

Publisher: Association for Computing Machinery, New York, NY, United States.

Published: 29 August 2015

Author Tags

1. Compositional compiler verification
2. abstract types
3. higher-order state
4. parametric simulations
5. recursive types
6. transitivity
